CVE-2025-48989NVD

Vulnerability Summary

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.

Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.

Severity Level

HIGH(7.5)

Published Date

Aug 13, 2025

Last Modified

May 12, 2026

Exploitation Status

????

EPSS Score (30-Day)

1.02%Probability

Root Weakness (CWE)

CWE-404: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityNone

IntegrityNone

AvailabilityHigh

External References

https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf
http://www.openwall.com/lists/oss-security/2025/08/13/2
https://www.kb.cert.org/vuls/id/767506
https://cert-portal.siemens.com/productcert/html/ssa-032379.html

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-48989NVD

Vulnerability Summary

External References